St. Cloud State University theRepository at St. Cloud State Culminating Projects in Information Assurance Department of Information Systems 4-2020 Forensic Research on Solid State Drives using Trim Analysis Rusvika Reddy Nimmala [email protected] Follow this and additional works at: https://repository.stcloudstate.edu/msia_etds Recommended Citation Nimmala, Rusvika Reddy, "Forensic Research on Solid State Drives using Trim Analysis" (2020). Culminating Projects in Information Assurance. 106. https://repository.stcloudstate.edu/msia_etds/106 This Starred Paper is brought to you for free and open access by the Department of Information Systems at theRepository at St. Cloud State. It has been accepted for inclusion in Culminating Projects in Information Assurance by an authorized administrator of theRepository at St. Cloud State. For more information, please contact [email protected]. Forensic Research on Solid State Drives using Trim Analysis By Rusvika Reddy Nimmala A Starred Paper Submitted to the Graduate Faculty of St. Cloud State University in Partial Fulfillment of the Requirements for the Degree of Master of Science in Information Assurance May, 2020 Starred Paper Committee: Mark Schmidt, Chairperson Lynn Collen Sneh Kalia 2 Abstract There has been a tremendous change in the way we store data for the past decade. Hard Disk Drives, which were one of the major sources of storing data, are being replaced with Solid State Drives considering the higher efficiency and portability. Digital forensics has been very successful in recovering data from Hard Disk Drives in the past couple of years and has been very well established with Hard Disk Drives. The evolution of Solid State Drives over Hard Drive Drives is posing a lot of challenges to digital forensics as there are many crucial factors to be considering the architecture and the way data is stored in Solid State Drives. This paper gives a very detailed picture of the evolution of Solid State Drives over Hard Disk Drives. We understand the differences in their architecture and the ways to extract data from them. We further discuss in detail the various challenges Solid State Drives pose to the field of digital forensics, and we try to answer contradictory beliefs those are 1) Would data be permanently deleted in a Solid State Drives destroying the forensic evidence required to solve a case? 2) Can data be restored in a Solid State Drives by using proper techniques and still can be used as evidence in digital forensics? In this paper, we talk about the introduction of concepts such as the TRIM Command and Garbage collection, their importance, and we set up an experimental scenario where we implement the TRIM command and try extracting data from different types of Solid State Drives. We compare and evaluate the results obtained through the experiment and try to analyze the uses of the TRIM command and its performance over various Solid State Drives. The paper also discusses future work to make the role of Solid State Drives more efficient in digital forensics. 3 Table of Contents Page List of Tables ............................................................................................................................ 7 List of Figures ........................................................................................................................... 8 Chapter I. Introduction ....................................................................................................................... 13 What is Forensics? ..................................................................................................... 13 Digital forensics ........................................................................................................ 13 Digital Evidence ........................................................................................................ 14 Integrity and Dependence of Digital Evidence ......................................................... 15 The process of Digital Forensics ............................................................................... 16 Pros and cons of Digital forensics ............................................................................. 17 Problem Statement .................................................................................................... 18 Nature and Significance of the Problem .................................................................... 19 Objective of the Study ............................................................................................... 19 Study Questions ......................................................................................................... 19 Limitations of the Study ............................................................................................ 20 Definition of Terms ................................................................................................... 20 Summary ................................................................................................................... 20 4 Chapter Page II. Background and Literature Review .................................................................................. 21 Introduction ............................................................................................................... 21 Background Related to the Problem .......................................................................... 21 Literature Review Related to the Problem ................................................................ 21 Hard Disk Drive (HDD) ..................................................................................... 21 Architecture and operation of HDD ................................................................... 22 Data arrangement on hard disks ......................................................................... 23 How is Data deleted in HDD? ............................................................................ 25 How does data recovery happen in HDD? ......................................................... 29 Challenges of HDD ............................................................................................ 31 Solid State Drive (SSD) ..................................................................................... 32 Architecture and operation of SSD .................................................................... 33 How does data deletion happen in SSD? ........................................................... 36 How does data recovery happen in the SSD? .................................................... 39 Challenges of SSDs ............................................................................................ 41 Hard Disk Drive Vs. Solid State Drive .............................................................. 42 Literature Related to the Methodology ..................................................................... 47 Features and Techniques Solid-State Drives ..................................................... 47 5 Chapter Page Wear Levelling................................................................................................... 47 TRIM Functionality ........................................................................................... 51 Self-Corrosion .................................................................................................... 53 Garbage Collection ............................................................................................ 54 Encryption .......................................................................................................... 57 Summary ................................................................................................................... 58 III. Methodology ..................................................................................................................... 59 Introduction ............................................................................................................... 59 Design of the study .................................................................................................... 60 Data Collection .......................................................................................................... 60 Tools and Techniques ................................................................................................ 61 Hardware and software requirements ................................................................ 61 Test Devices ....................................................................................................... 61 Literature Related to Methodology ........................................................................... 63 How does TRIM SSD work? ............................................................................. 63 Enabling TRIM for SSDs in Windows Operating System ................................ 64 How to Check for TRIM status on SSD?........................................................... 65 How to enable TRIM for SSD? ......................................................................... 65 6 Chapter Page How to disable TRIM for SSD?......................................................................... 65 Summary .................................................................................................................. 65I IV. Data Presentation and Analysis ........................................................................................ 66 Introduction ..............................................................................................................